Why is this so complicated and not standardized? Because nerds valorize deleterious individualism.

2. Upgrade firmware

Routers are in fact small computers running Linux, and they have vulnerabilities and bugs like any computer. Fixes for these are called firmware updates. Often, they will also improve performance and resolve WiFi issues, so you always want to be running the latest version. Even if you don't care about security, these updates can improve your signal and speeds.

Here are links to the support pages of some popular manufacturers. Note that cable modems can only be updated by the cable company.

3. WiFi encryption type and password

There have been multiple generations of WiFi security, and for that reason many people's devices are configured with outdated settings. For years, manufacturers set up routers with the most lenient configuration to try to avoid any possible customer support calls. Unfortunately, as time has gone on, this means many people do not have proper protection and are using technology that's over 10 years old and broken.

Coming soon is WPA3, but as of the last update of this post, it’s not released yet.

Encryption type: WPA2 Personal + AES (CCMP)

Password: Make it 12 characters or more. A WiFi password can be brute-forced over a long period of time, and you should rarely have to type it in, so just make a good password that will last you.

4. Change admin password

It sounds ridiculous, but if you leave the default password on your router, in some cases just clicking a link on the Internet can change the router settings. Or, if one of your computers gets infected, some malware tries the most common router passwords to attempt to hijack the web on every computer in your house. Trust me, this happens, but most people have no idea because antivirus doesn't scan routers. It's important you change the password!

Because outsiders can't get to the admin page, you do not need a complex password - it just needs to be something you won't lose when you need it.

Once you change the password, write it on a piece of paper and tape it to your router. You should log out of your router when you're not actively administering it.

5. Change DNS to redundant services for IPv4

When you hear about major home Internet outages on the news, it's often because the servers the ISP was using that operate as the "phonebook of the Internet" were attacked, or were down. Relatedly, the major internet attack in October 2016 against Dyn was against DNS. I personally didn't even notice because the services I use mitigated the issue for me.

Or, how about when you type in a website address incorrectly and a search website from your ISP appears? That's actually not supposed to happen: your ISP is hijacking DNS NXDOMAIN responses to show you ads.

Change your DNS servers to the following to fix both these issues.

DNS1: 208.67.222.222

DNS2: 8.8.8.8

DNS3: 9.9.9.9 (you may not have this option)

DNS4: 1.0.0.1 (you may not have this option)

The first is OpenDNS and the second is Google. OpenDNS is first because they do special caching to keep DNS outages from hurting you. OpenDNS no longer does NXDOMAIN hijacking; they make their money from their business security product.

The third is Quad9, run by a consortium of security companies, and the fourth is Cloudflare’s alternate IP address, which has fewer compatibility issues. (Their main address is 1.1.1.1, but there are some equipment makers who intercept it.)
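To see whether a resolver rewrites NXDOMAIN the way the ISP behaviour above describes, the following added example (not part of the original post) asks each resolver listed here about a random, almost certainly unregistered name and reports whether the reply is an honest NXDOMAIN. The function names and the random `.com` test name are assumptions of this example.

```python
import random
import socket
import string
import struct

# Resolvers listed in this post; add your ISP's resolver to compare.
RESOLVERS = ["208.67.222.222", "8.8.8.8", "9.9.9.9", "1.0.0.1"]

def build_query(name, txid):
    """Encode a minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid):
    """Return 'nxdomain', 'hijacked', or 'other' for a reply to a bogus name."""
    if len(response) < 12:
        return "other"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction, or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"   # honest answer: the name does not exist
    if rcode == 0 and ancount > 0:
        return "hijacked"   # answers were supplied for a nonexistent name
    return "other"

def random_bogus_name():
    """Assumed test name: 24 random characters under .com, almost certainly unregistered."""
    label = "".join(random.choices(string.ascii_lowercase + string.digits, k=24))
    return label + ".com"

def check_resolver(ip, timeout=3.0):
    """Ask one resolver about a bogus name over UDP port 53 and classify the reply."""
    txid = random.getrandbits(16)
    query = build_query(random_bogus_name(), txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or network error
            return "no reply"
    return classify(data, txid)

if __name__ == "__main__":
    for ip in RESOLVERS:
        print(ip, check_resolver(ip))
```

A result of `hijacked` means the resolver returned address records for a name that does not exist; `nxdomain` is the correct behaviour.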

6. SSID hiding and MAC filtering: Off

These settings have uses, but they are not for normal home users. If you're using either, turn them off and just forget these options exist. The only layer of security that works is a strong WiFi password.

8. Remote Management: Off

Turn this off. There's no need for teenagers in another country to scan the Internet and find your router's administration page. That would be bad. This should already be off.

9. Change DNS to redundant services for IPv6

If your IPv6 DNS servers fail, your computer will fall back to IPv4, but changing these may be useful to avoid ISP NXDOMAIN hijacking showing you ads. Be aware: Your router may or may not let you change these settings.

Extra: Guest network

Use this for Internet-only devices that don't need local LAN access to other electronics, and enable guest isolation.

Extra: Recommended hardware upgrades

If you're still on an ancient router that's not getting security updates, or renting your modem from your cable company for $10 a month, you might be interested in the below recommendations from WireCutter, which is owned by the New York Times. I do not get any revenue from you clicking these links.

Article changelog:

2018-11-24: Changed DNS3 to Quad9 and DNS4 to Cloudflare. Added mention of WPA3. Added IPv6 DNS.

2017-05-08: Changed Level3 DNS to OpenNIC since L3 is deprecating the feature

2017-10-16: Moved WPA2-AES recommendation up to step 3